Enabling embedded devices for Industrial Internet Of Things

Scot Morrison & Arvind Raghuraman


Example Topology in Industrial IoT

[Figure: example Industrial IoT topology. Diagram labels: Private cloud; Public cloud; IT - Information Technology; OT - Operational Technology; ERP; MES; Second level Edge processing; First level Edge processing; SCADA/HMI; PLC; Field level; Component level; Sensors, actuators, sensor hubs, process controllers]

All these devices (Edge and End-nodes) need to be Managed, Monitored, and Maintained.

Robust Device Management is a table-stakes requirement!

Restricted © 2018 Mentor Graphics Corporation


Device management considerations in Industrial IoT
What do we need?

Identity management
• Create/Delete device identity on the backend
• Provision device with identity
• Secure onboarding

Communications
• Protocol suite & APIs for communications
• Synchronous & Asynchronous messaging
• Events & Notifications

Configuration and control
• Data models that let a device expose parameters and methods of interest
• Device twins and other higher order constructs

Monitoring & diagnostics
• Monitor system and software
• System & container - CPU, Memory, Storage, Networking, IO utilization
• Troubleshoot – profile, execute diagnostics

Maintenance
• Update and manage device firmware, apps, configuration artifacts, & patch for security flaws
• Assess firmware health with support for rollback
• Update and manage device applications



Device security considerations for Industrial IoT

Authentication | Data integrity | Privacy | Non-repudiation

Device secure boot – Authenticate origin of device software
• PKI based authentication of device firmware artifacts

Device Authentication – Authenticate origin of device
• PKI based authentication of device identity

Protect data at rest – Protect device secrets
• Tamper proof secure storage
• Encryption of data at rest

Protect data in motion – Authenticate & ensure privacy of communications
• Symmetric certificate based authentication of sessions
• Encryption for privacy

Separation of OT & IT networks
• Firewalls to prevent external access to OT network


What's available to system developers ..

[Figure: two block diagrams, "IoT Cloud Architecture" and "IoT Device Architecture". Legend: Cloud platform provided infrastructure; Additional services required for device mgmt. Block labels: Applications; User Applications; Message Routing; Connectivity; Data & Event monitoring & mgmt.; OS/System; Cloud Vendor Device SDK; Services for Device Mgmt.; Device Management; Device Registry; Networking & IO; Cloud OS/PaaS; Operating System (RTOS or Linux)]



Mentor Embedded IoT Framework

[Figure: framework stack on the device. Diagram labels: User apps; Framework Agent; Device Mgmt; Firmware Mgmt; App Mgmt; Cloud SDK; Health Monitoring & Diagnostics; Profiling; Framework Services; OSAL; OS; Device Hardware]

• Features
— Integrates device SDKs for supported cloud platforms
— Device Management
— Firmware Management
— Apps management – Docker and Docker Compose
— Health monitoring & diagnostics
— Profiling
• Support for multiple cloud platforms
— Amazon Web Services (AWS), Microsoft Azure
• Support for several OSS backend device management assets
— Eclipse IoT - Leshan for device management
— Eclipse IoT - hawkBit for fleet software management
— Grafana for health monitoring
— ThingsBoard for data visualization with configurable user dashboards
• Scalable across device form factors
• Portable across device run-time environments
• Host tools to secure update & data artifacts for the device
• Extensible for customization



End
